Having previously highlighted the security threat posed by cybercriminals,
Seqrite, a specialist provider of enterprise cybersecurity products and
solutions, has revealed another threat vector that has been growing in
prominence: Remote Desktop Protocol (RDP) brute-force attacks. The enterprise
arm of Quick Heal Technologies has successfully blocked more than 35,000
RDP-based attacks per day on average over the last three months.

Businesses across the country use RDP to manage and access remote systems and
devices, but often don’t protect these IT resources with robust passwords or
adequate security measures. This gives cybercriminals an opportunity to take
over vulnerable systems through brute-force and dictionary attacks. Security
researchers at Seqrite have highlighted the easy availability of automated
tools and hacked passwords on the Dark Web as another major reason behind the
recent resurgence of RDP brute-force attacks.

According to researchers at Seqrite, RDP-based brute-force attacks are being
used to deploy cryptominers on the infected systems for immediate and
continuous returns, as well as to provide a platform for advanced ransomware
families such as GandCrab, Dharma/Crysis, and XTBL. The level of threat that
these attacks pose also led the FBI and the Department of Homeland Security
(DHS) in the US to recently issue a joint public warning on the growing use of
the RDP administration tool as a popular attack vector.

Seqrite recommends that Indian enterprises adopt advanced security measures to
protect against these attacks, and that they disable the RDP service when it is
not in use. Strong passwords, two-factor authentication, and account lockout
policies should be used as an added layer of protection against brute-force
attacks. Systems and software must be updated regularly, while the ‘enable
logging’ and ‘ensure logging’ mechanisms must be set up to capture RDP logins.

The network exposure for all control system devices should be minimised;
wherever possible, RDP on critical systems should not be enabled. Comprehensive
enterprise security solutions, such as Endpoint Security combined with Firewall
Protection, can also be implemented to effectively block RDP attacks.